← Volver a CVEs
CVE-2025-36752
CRITICAL9.8
Descripcion
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/13/2025
Ultima modificacion1/14/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
growatt:shine_lan-xgrowatt:shine_lan-x_firmware
Debilidades (CWE)
CWE-798
Referencias
https://csirt.divd.nl/CVE-2025-36752/(csirt@divd.nl)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.